|Network Security Consulting SecurityFocus Article
Privacy Survey Urged For Counterterror Programs
The National Research Council called on Tuesday for all U.S. counterterrorism programs to be evaluated for the degree to which they protect privacy.
In a report published on Tuesday, the group of scientists offered a framework that agencies can use to grade their programs on key facets, including data privacy, and urged lawmakers to revisit legislation that could better protect privacy in such programs. The report acknowledged the threat of terrorism as a real and urgent concern, calling for the use of information technologies to help combat terrorists. The fight against terrorism, however, should not excuse massive numbers of false-positive matches that could lead to privacy violations, the National Research Council said in a statement announcing the publication of the report.
"Poor-quality data are a major concern in protecting privacy because inaccuracies may cause data-mining algorithms to identify innocent people as threats," the statement summarized from the report. "Linking data sources together tends to compound the problem; current literature suggests that a 'mosaic' of data assembled from multiple databases is likely to be error-prone.Analysts and officials should be aware of this tendency toward errors and the consequent likelihood of false positives."
Privacy worries have dogged the Bush Administration's initiatives aimed at fighting terrorism. The National Security Agency (NSA) became a focus in the wiretapping debate when the New York Times reported that the agency had eavesdropped on the Internet activities and phone calls of U.S. citizens as well as foreign terrorism targets without seeking the warrant required by law. Many telecommunications companies allegedly cooperated with the U.S. government and have faced lawsuits as a result. In March, a security consultant claimed the existence of a "Quantico circuit" that provided a third party -- presumably a federal agency -- with unfettered access to a cellular phone company's network.
In July, President Bush signed into law a bill that amended restrictions on surveilling international communications and gave retroactive immunity to telecommunications companies.
In its report, the National Research Council warned that data mining technologies used to identify potential terrorists have many technical issues. Data garnered from the private sector is, in many cases, of poor quality.
"All information-based programs should be accompanied by robust, independent oversight to ensure that privacy safeguards are not bypassed in daily operations," the NRC stated. "Systems should log who accesses data, thus leaving a trail that can itself be mined to monitor for abuse."
If you have tips or insights on this topic, please contact SecurityFocus.
Posted by: Robert Lemos